InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Democrats urge FTC to update COPPA
On September 29, Senator Edward J. Markey (D-MA), along with three other Congressional Democrats, sent a letter to FTC Chair Lina Khan requesting that the Commission update its regulations under the Children’s Online Privacy Protection Act (COPPA). The Senators encouraged the FTC to use its regulatory authority to update COPPA to implement additional protections addressing online threats to children as their use of technology increases. They laid out several areas for the FTC’s consideration, including (i) “expanding the definition of ‘personal information’ covered under COPPA”; (ii) “implementing rules to effectuate COPPA’s prohibition on conditioning a child’s participation in an online activity on the child sharing more data than is reasonably necessary”; (iii) “implementing rules to effectuate COPPA’s requirement that platforms protect the confidentiality, security, and integrity of children’s data”; (iv) “ensuring that COPPA’s requirements protect children on the platforms they actually use by updating COPPA’s regulations defining platforms that are directed to children and updating regulations defining platforms that have actual knowledge they are collecting data from children”; (v) “implementing regulatory protections that reflect the increased use of online platforms for educational purposes”; and “(vi) implementing regulatory protections that reflect changes in online advertising practices.”
The Senators also applauded the FTC’s recently issued advanced notice of proposed rulemaking requesting feedback on questions related to a wide range of concerns about commercial surveillance practices (covered by InfoBytes here), including those involving children and teens, and advised the Commission to closely review and consider expert responses when crafting its rules aimed at the protection of children’s privacy.
Fed finalizes debit card transaction requirement changes
On October 3, the Federal Reserve Board adopted a final rule amending Regulation II, which implements Section 920 of the EFTA, to require that each debit card transaction, including “card-not-present” transactions, must be able to be processed on at least two unaffiliated payment card networks. The final rule, which is substantially similar to the Fed’s notice of proposed rulemaking issued in May 2021 (covered by InfoBytes here), also clarified that the debit card issuer is responsible for ensuring at least two unaffiliated networks have been enabled to process a debit card transaction, and standardizes and clarifies the use of certain terminology in the Fed’s Official Board Commentary on Regulation II. The Fed noted that when the rule was initially issued in 2011, the market had not yet developed solutions to broadly support multiple networks for card-not-present debit card transactions. Claiming technology has since evolved to address these challenges, the Fed said the final rule includes changes to make it easier for debit card issuers to determine whether they are in compliance and encourages competition between networks. The Fed noted, however, that the final rule does not modify interchange fee requirements. The agency said it will continue to review these requirements in light of recently collected debit card industry cost data, and may propose to modify these requirements in the future. The final rule is effective July 1, 2023.
Federal Reserve Governor Michelle W. Bowman voted against adopting the final rule. “During the public comment process, community banks raised substantial concerns with the proposal,” she said. “Although the Board has attempted to identify the likely effects of the proposed rule based on available information, I believe that significant questions remain about how the rule will affect banks, and particularly community banks, with respect to both fraud and the cost of compliance. Given this continued uncertainty, I do not support the final rule.”
Agencies say “living will” guidance for large banks is forthcoming
On September 30, the FDIC and Federal Reserve Board jointly announced that resolution plan guidance for Category II and Category III banking organizations is forthcoming. Large banks that fall withing these categories are generally those with more than $250 billion in total assets but that are not global systemically important banks (G-SIBs). “Larger and more complex banks are already subject to guidance from the agencies,” the agencies said, explaining that Category II and III banks have not received resolution plan guidance yet. These plans—commonly known as “living wills”—outline a bank’s strategy for rapid and orderly resolution under bankruptcy in the event of financial distress or failure. An opportunity for public comment on the guidance will be provided before it is finalized.
CFPB updates education loan servicing examination procedures
On September 28, the CFPB updated the education loan examination procedures in its Supervision and Examination Manual. According to the Bureau, the update to the education loan servicing examination procedures clarifies that when determining its authority to supervise a private student lender, the Bureau “look[s] only to the definition of private education loan in the Truth in Lending Act and not also to Regulation Z.” The Bureau noted that depending on the scope of an examination, “and in conjunction with the compliance management system and consumer complaint response review procedures,” an examination will cover at least one of the following modules: (i) advertising, marketing, and lead generation; (ii) customer application, qualification, loan origination, and disbursement; (iii) student loan servicing; (vi) borrower inquiries and complaints; (v) collections, accounts in default, and credit reporting; (vi) information sharing and privacy; and (vii) examination conclusion and wrap-up.
FinCEN releases final rule on beneficial ownership reporting
On September 29, FinCEN issued a final rule establishing a beneficial ownership information reporting requirement, pursuant to the bipartisan Corporate Transparency Act. According to FinCEN, the final rule will require most corporations, limited liability companies, and other entities created in or registered to do business in the U.S. to report information about their beneficial owners to FinCEN. FinCEN noted that the final rule is designed to protect national security and strengthen the integrity and transparency of the U.S. financial system. FinCEN also released a Fact Sheet clarifying the final rule. The final rule is effective January 1, 2024. Reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial reports, while reporting companies created or registered after January 1, 2024, will have 30 days after creation or registration to file their initial reports. Once the initial report has been filed, both existing and new reporting companies will have to file updates within 30 days of a change in their beneficial ownership information, according to FinCEN. The same day, Treasury Secretary Janet L. Yellen released a statement, noting that the final rule is “a major step forward in giving law enforcement, national security agencies, and other partners the information they need to crack down on criminals, corrupt individuals, and other bad actors who seek to take advantage of America’s financial system for illicit purposes.”
FCC proposes rulemaking to combat unlawful text messages
On September 27, the FCC announced a notice of proposed rulemaking (NPRM) to target and eliminate unlawful text messages. According to the FCC, the number of consumer complaints received related to unwanted text messages has increased by 146 percent between 2019 and 2020, and continues to grow in 2022. The Commission warns that these text messages present harms beyond that of unwanted phone calls, as text messages can include phishing and malware links. More than $86 million was stolen in 2020 through spam texting fraud schemes, the FCC reports. The NPRM seeks feedback on several topics, including whether providers should follow the STIR/SHAKEN authentication protocols for text messages as they do for phone calls, whether providers should block texts from invalid phone numbers, and how it can ensure that emergency text messages or other appropriate texts are not erroneously blocked. The NPRM also proposes requiring providers to block texts that appear to originate from phone numbers that are invalid, unallocated, or unused as well as numbers on the “Do-Not-Originate” list.
The Commission is also seeking input on the extent to which spoofing is a problem in texting, and if caller ID authentication standards should be applied to texting. Spoofing is when a sender deliberately disguises their number to trick a recipient into thinking the message is trustworthy. A working group of the Internet Engineering Task Force is currently considering a draft standard that would apply parts of the STIR/SHAKEN framework to text messages, the FCC stated, adding that it is asking stakeholders for suggestions on an ideal timeline and feedback on whether the current framework’s governance system would be able to accommodate authentication for text messages or if the framework would require more comprehensive technology network upgrades.
Comments on the NPRM are due 30 days after publication in the Federal Register.
CFPB rescinds no-action letter and sandbox policies
On September 27, the CFPB issued a statement in the Federal Register rescinding its No-Action Letter Policy and its Compliance Assistance Sandbox Policy. As previously covered by InfoBytes, in September 2019, the CFPB issued three final innovation policies: the No-Action Letter (NAL) Policy, Compliance Assistance Sandbox (CAS) Policy, and Trial Disclosure Program (TDP) Policy. The NAL policy provided a NAL recipient assurance that the Bureau will not bring a supervisory or enforcement action against the company for providing a product or service under the covered facts and circumstances. The CAS policy evaluated a product or service for compliance with relevant laws and offered approved applicants a “safe harbor” from liability for certain covered conduct during the testing period under TILA, ECOA, or the EFTA. Following the rescission, the statement noted that the Bureau will no longer accept NAL or CAS applications by September 30, but will continue to accept and process requests under the TDP. Entities that have made submissions under the NAL or CAS policies will be notified if the Bureau intends to take additional steps on their submissions. According to the statement, the Bureau “determined that the Policies do not advance their stated objective of facilitating consumer-beneficial innovation” and “that the existing Policies failed to meet appropriate standards for transparency and stakeholder participation.”
FHA will consider first-time homebuyer’s positive rental history in mortgage eligibility
On September 27, HUD announced that FHA will consider a first-time homebuyer’s positive rental payment history as an additional factor in determining eligibility for an FHA-insured mortgage. HUD emphasized that adding a positive rental history indicator to FHA’s Technology Open to Approved Lenders (TOTAL) Mortgage Scorecard enables the credit evaluation to be more comprehensive and equitable. “If you’re regularly paying your rent on time, that’s a good indication you will also pay your mortgage on time,” FHA Commissioner Julia Gordon said. “We hope that adding this positive factor to all of the characteristics currently considered in an FHA credit evaluation will increase access to affordable FHA-insured mortgages for first-time homebuyers.” According to FHA’s Mortgagee Letter 2022-17, “positive rental payment history refers to the on time payment by a borrower of all rental payments in the previous 12 months.” Lenders may begin indicating a borrower’s positive rental payment history in the TOTAL Mortgage Scorecard for scoring events on or after October 30, and for case numbers assigned on or after September 20, 2021.
Treasury discusses future of digital assets, says CBDC may take years
On September 23, the U.S. Treasury Department’s Under Secretary for Domestic Finance Nellie Liang discussed ways in which digital assets could alter the future of money and payments in the U.S. Speaking at the Brookings Institution, Liang highlighted recommendations presented in an agency report released earlier in September as part of President Biden’s Executive Order on Ensuring Responsible Development in Digital Assets (covered by InfoBytes here). The report, Crypto-assets: Implications for Consumers, Investors, and Businesses, outlined several significant areas of concern, including “frequent instances of operational failures, market manipulation, frauds, thefts, and scams.” The report advised federal agencies, including the CFPB, SEC, CFTC, and DOJ, to (i) continue to aggressively pursue enforcement actions focused on the crypto-asset sector; (ii) clarify existing authorities to ensure they are appropriately applied to crypto-assets; (iii) coordinate efforts to increase compliance; and (iv) take collaborative measures to improve the quality of information about crypto-assets for consumers, investors, and businesses.
Liang also commented on the potential benefits of adopting a U.S. central bank digital currency (CBDC), “such as preserving the uniformity of the currency, or providing a base for further innovation,” but warned that further research and development on the technology needed to support such a currency may take years. “There are many important design choices that would require additional consideration,” Liang said, stating, for example, “a retail CBDC would be broadly available to the public, while a wholesale CBDC would be limited to banks and other financial institutions.” Liang said Treasury plans to lead an inter-agency working group to advance further work on a possible CBDC and “consider the implications of CBDC in areas such as financial inclusion, national security and privacy.”
Liang also discussed other recommendations made in the report related to the possible establishment of a federal regulatory framework for nonbank providers of payment services. “A federal framework could provide a common floor for minimum financial resource requirements and other standards that may exist at the state level,” Liang pointed out. “It also would complement existing federal [anti-money laundering/combating the financing of terrorism] obligations and consumer protection requirements that apply to nonbank payment providers,” and “could work in conjunction with a U.S. CBDC or with instant payment systems.” She also commented on Treasury’s work to develop a faster, cheaper cross-border international payment system and noted the agency will consider potential risks, such as privacy and human rights considerations.
CFPB seeks better refi, loss-mitigation options
On September 22, the CFPB issued a request for information (RFI) regarding ways to improve mortgage refinances for homeowners and how to support automatic short-term and long-term loss mitigation assistance for homeowners who experience financial disruptions. According to the Bureau, refinancing volume has decreased almost 70 percent from last year as interest rates have risen. Additionally, periods of economic turmoil, such as the Covid-19 pandemic, can pose significant challenges for mortgage borrowers, the Bureau noted. Throughout the pandemic, 8.2 million borrowers entered a forbearance program, and as of July 2022, 93 percent have exited. Of those who have exited forbearance, five percent are delinquent or in active foreclosure. The Bureau is interested in the features of pandemic-related forbearance programs that should be made more generally available to borrowers. Specifically, the RFI requests information regarding, among other things: (i) targeted and streamlined refinance programs; (ii) innovative refinancing products; and (iii) automatic forbearance and long-term loss mitigation assistance. Comments are due 60 days after publication in the Federal Register.